#!/usr/bin/expect

# Author: Adamo Ferro
# Version: 1.0 (December 15, 2015)

# This script allows the modification of network IP address/netmask
# for a certain VLAN, and the global default gateway of a Cisco switch.
# The script works in two steps:
# - change the IP/network
# - change the default gateway
# For each step a new connection is established, as the IP change
# usually makes the telnet session fall.
#
# The script is suited for (and has been tested on) Cisco ME3400
# switches with Cisco IOS 12.2(37)SE METROIPACCESS. It surely works
# also with other models and IOS versions, but it has not been
# tested on other devices.

# Usage:
# ./cisco-change-network-address <vlan> <old_ip> <new_ip> <new_mask> <new_default-gateway> <password> <enable_password>

# Requirements:
# - Linux machine and shell utility "expect"
#     "expect" can be easily installed on Ubuntu/Debian systems using:
#     sudo apt-get install expect
# - give execution rights to the script (e.g. chmod a+x cisco-change-network-parameters)
# - IMPORTANT: if the new network parameters belong to a completely new
#   network segment, be sure the Linux machine can reach the new address
#   ALSO BEFORE changing the old switch default gateway. This can be
#   accomplished e.g. by connecting at level 2 the Linux machine
#   on the selected VLAN and assigning to its network interface
#   two IP addresses at the same time (one on the old and one on the
#   new network segment). This avoids passing through the switch
#   default gateway, so the switch is always reachable.

# Modifications you may need:
# - your switch may require also a username, just add a new
#     set from argv at the beginning and a new
#     expect "Username:"/send statement before the password one
# - commands "ip classless" and "ip subnet-zero" may be not necessary



# ************** BEGINNING OF THE SCRIPT **************


# PARSING OF INPUT PARAMETERS

# selected VLAN
set vlan [lindex $argv 0]

# current IP address
set ip_address_old [lindex $argv 1]

# new network parameters
set ip_address [lindex $argv 2]
set netmask [lindex $argv 3]
set default_gateway [lindex $argv 4]

# password and enable password
set password [lindex $argv 5]
set enablepassword [lindex $argv 6]



# CHANGE IP, NETMASK AND DEFAULT GATEWAY

# the slowest operation is conf writing
set timeout 10

# connect via telnet to current IP
spawn telnet $ip_address_old

# expect password request
expect "Password:" {
  send "$password\n"

  expect ">" {

    # enter in privileged mode
    send "en\n"
    expect "Password:"
    send "$enablepassword\n"

    # enter in configuration mode
    expect "#"
    send "conf t\n"
    expect "(config)#"

    # the following MAY BE NOT NECESSARY
    # depending on the new IP and IOS version
    send "ip classless\n"
    expect "(config)#"
    send "ip subnet-zero\n"
    expect "(config)#"

    # choose the right VLAN
    send "int vlan $vlan\n"
    expect "(config-if)#"

    # change IP/netmask
    send "ip address $ip_address $netmask\n"

    # ----- CONNECTION IS LOST -----


    # connect via telnet to new IP
    spawn telnet $ip_address

    # give credentials
    expect "Password:" {
      send "$password\n"

      expect ">" {
        send "en\n"
        expect "Password:"
        send "$enablepassword\n"
        expect "#"

        # configure new default gateway
        send "conf t\n"
        expect "(config)#"
        send "ip default-gateway $default_gateway\n"
        expect "(config)#"
        send "exit\n"
        expect "#"

        # write new configuration to memory and disconnect
        send "wr m\n"
        expect "#"
        send "exit\n"
      }
    }
  }
}